System and method for protection against skimming of information from contactless cards

ABSTRACT

Contactless payment cards with on-card microchips are transported in mailers with RF shielding. The RF shielding is designed to prevent communication with and skimming of information from the contactless cards enclosed in the mailers while in transit.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation-in-part of U.S. nonprovisional patentapplication Ser. No. 11/865,209, filed on Oct. 1, 2007, which is acontinuation of application no. PCT/US06/12053, filed on Apr. 3, 2006,and which claims the benefit of U.S. provisional patent application No.60/667,864 filed on Apr. 1, 2005; this application is also acontinuation-in-part of U.S. nonprovisional patent application Ser. No.11/964,938, filed Dec. 27, 2007; the above-recited application Ser. Nos.11/865,209; PCT/US06/12053; 60/667,864 and 11/964,938 are herebyincorporated by reference herein in their entirety.

BACKGROUND OF THE INVENTION

This invention relates to payment cards that are used for mailingcontactless payment transactions. In particular, the invention relatesto techniques for fraud prevention in proximity, contactless or smartcard payment systems.

Payment cards such as credit or debit cards are ubiquitous. For decades,such cards have included magnetic stripe cards on which the relevantaccount number is stored. To consummate a purchase transaction with sucha card, the card is swiped through a magnetic stripe reader that is partof a point of sale (POS) terminal. The reader reads the account numberfrom the magnetic stripe. The account number is then used to route atransaction authorization request that is initiated by the POS terminal.

In pursuit of still greater convenience and more rapid transactions atPOS terminals, payment cards have more recently been developed thatallow the account number to be automatically read from the card by radiofrequency communication between the card and a so-called “proximityreader” that may be incorporated with the POS terminal. In such cards,often referred to as “proximity payment cards”, a radio frequencyidentification (RFID) integrated circuit (IC, often referred to as a“chip”) is embedded in the card body. A suitable loop antenna, formed ofone or more turns of a conductive material, is also embedded in the cardbody. There are conductive connections between the antenna and the RFIDchip to allow the chip to receive and transmit data by RF communicationvia the antenna. In typical arrangements, the RFID chip is powered froman interrogation signal that is transmitted by the proximity reader andreceived by the card antenna.

MasterCard International Incorporated, the assignee hereof, hasestablished a widely-used standard, known as “PayPass”, forinteroperability of proximity payment cards and proximity readers.

Conventional practices call for the loop antenna in a proximity paymentcard to generally follow the outline of the card body in order tomaximize the planar extent of the antenna. All other things being equal,the larger the extent of the antenna, the more reliable is the couplingbetween the proximity payment card and the proximity reader.

The present inventor has recognized a need to provide enhanced securityfor proximity payment devices. One issue the inventor has addressed isthe potential for proximity payment cards to be read by unauthorizedpersons who have the intention of collecting account number forfraudulent purposes.

Proximity payments are used in situations where, although the purchaseris present, it is useful or at least more convenient to be able to makea payment without having to make physical contact with the vendor/payee.The purchaser, for example, may use a contactless “smart card” to make aproximity payment without having to manually swipe a card through aconventional point-of-sale device (i.e., a magnetic strip card reader).An exemplary contactless smart card is a MasterCard PayPass™ card. Thiscard is an enhanced payment card that features a hidden embeddedmicroprocessor chip and antenna (i.e. a miniature Radio Frequency (RF)transceiver chip and an antenna). The MasterCard PayPass system providesa purchaser with a simpler way to pay. The purchaser can simply tap orwave his or her MasterCard PayPass payment card on a specially equippedmerchant terminal that then transmits payment details wirelessly usingradio frequency signals, eliminating the need to swipe the card througha reader. Account details are communicated directly to the speciallyequipped merchant terminal and are then processed through MasterCard'shighly trusted acceptance network. Moments after the purchaser taps theterminal with his or her MasterCard PayPass card, he/she receivespayment confirmation and is on his/her way.

Proximity payment systems based on smart cards (such as MasterCardPayPass) may be advantageously implemented in traditional cash-onlyenvironments where speed is essential, (e.g., quick serve and casualrestaurants, gas stations and movie theaters). Purchaser information,which may be stored in a microchip on the smart card, is sent directlyfrom the microchip to a point-of-sale (POS) device or other wirelessreader device, which may be up to about 10 cms away. Proximity paymentsalso may be made using other payment devices (e.g., a mobile phone, PDA,or handheld computer), which are suitably configured to carry amicrochip that stores and retransmits stored or processed accountinformation when required. Common industry infrared or wirelessprotocols (e.g., Bluetooth) may govern communication between the paymentdevice and the vendor/payee's wireless reader or POS device.

As with electronic payment transactions conducted over the Internet andother e-commerce transactions, both parties to a proximity paymenttransaction will have security concerns. Payers need reassurance thatthe vendor/payees are not unscrupulous criminals who will misuse payerinformation, the vendor/payees need to know that the payers arelegitimate and both parties need to know that unauthorized third partiescannot intercept the transaction information. A number of techniques,which address at least some of these security concerns, are available.Data encryption techniques, for example, can be used to securetransaction information during transmission.

The proximity and smart card payment systems take advantage of the newon-card chip technology to deploy cardholder verification methods tomake secure transactions. Purchases made with the cards can be verified,for example, by use of a personal identification number, or PIN. Theproximity and smart cards aim to cut fraud by including an on-cardmicrochip, which can store more information than the usual magneticstrips, and also by having users verify transactions by keying in apersonal identification number (PIN) rather than signing a receipt.However, as with any technology, the security provided by on-card chiptechnology is not infallible. Fraudsters can find new ways of illegallyaccessing cardholder information to breach security.

Consideration is now directed toward improving schemes for safeguardingcardholder information to prevent, for example, fraudulent use of stolenor lost payment cards. In particular, attention is directed to securingthe information contained in proximity, contactless or smart paymentcards.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic plan view of a mailable assembly which includes aproximity payment card and which is provided in accordance with aspectsof the present invention.

FIG. 2 is a schematic side view of the mailable assembly of FIG. 1.

FIG. 3 is a schematic plan view of the proximity payment card shown inFIGS. 1 and 2.

FIG. 4 is a schematic sectional view of a shielding label which is partof the mailable assembly of FIGS. 1 and 2.

FIG. 5 is a view similar to FIG. 2, showing an alternative embodiment ofthe mailable assembly.

FIG. 6 is a flow chart that illustrates aspects of a method provided inaccordance with some embodiments.

FIG. 7 is an illustration of an exemplary mailer having RF-shieldingmaterial, which is designed to prevent intruding RF-signals fromcommunicating with an enclosed payment card having an on-card microchip,in accordance with aspects of the invention.

DETAILED DESCRIPTION

In general, and for the purpose of introducing concepts of embodimentsof the present invention, an assembly in which a proximity payment cardis mailed to the intended holder thereof also includes a protectivelabel that is adhered to the face of the card and shields the cardantenna to prevent unauthorized reading of the card while it is intransit. According to other aspects, the size of the card antenna isreduced, and the antenna is located within the card body, so that theprotective label may be the same size and in the same location on thecard as labels that are applied to payment cards in conventional cardfulfillment operations.

In accordance with other aspects of the present invention, a system anda method are provided for safeguarding cardholder information stored inproximity, contactless or smart cards. The system and a method involvetransporting the cards in RF-shielded environments that preventunauthorized RF intrusion or access to the on-card chip circuits. Theinvention advantageously further reduces opportunities for fraud inpayment-by-card systems.

The advantages of the invention may be understood with reference tocounterfeiting, which is a type of card fraud that is prevalent withcurrent electronic or paper payment systems that are based, for example,on plastic cards in which magnetic stripes or embossed structurescontain cardholder information. A counterfeit card is one that has beenprinted, embossed or encoded without the consent or knowledge of thecard issuer, or one that has been validly issued but has then beenaltered or recoded. A common method of counterfeiting is calledskimming, in which the counterfeiters copy the information stored in themagnetic stripes on plastic cards. The counterfeiter copies theinformation stored in the magnetic stripe, for example, by swiping itthrough a small card reader. Armed with this information, thecounterfeiter can then produce counterfeit cards and use them to carryout fraudulent transactions.

Proximity, contactless and smart cards in which computer chips areembedded hold more information, but in a more secure environment, thancan be stored magnetic stripe cards. However, in some circumstances athief or counterfeiter may be able to access the information stored inproximity or smart cards.

The present invention is designed to preclude skimming (i.e., stealing)of cardholder information when proximity, contactless or smart cards arein transit, for example, sent to the cardholders through public mail.

The on-card chips have electronic circuits, which exploitelectromagnetic or electrostatic coupling in the radio frequency (RF)portion of the electromagnetic portion of the electromagnetic spectrumto communicate with card reader units (e.g., Point of Sale devices). Acard reader unit may include an RF antenna and a transceiver. The readerunit emits radio waves, and when a proximity, contactless or smart cardis placed within the range of the card reader unit, the on-card chipresponds and starts sending data to the reader unit. The on-card chipsthemselves may come in a wide variety of sizes, shapes and forms buthave common attributes; each includes low-energy broadcast circuitry,programmable data storage and operating circuitry. The on-card chips maybe with and without batteries, and they can be read only or read/write.Typically, on-card chips without batteries (passive circuits) aresmaller and lighter than those that are with batteries (activecircuits), and less expensive. The passive on-card chip circuits arepowered and activated by the reader units. In either case, whenactivated on-card chip circuits can broadcast stored information overradio frequency waves.

At least theoretically, it is possible for an unauthorized person orfraudster to use a card reader or similar RF device to extractcardholder information stored in an on-card chip in a manner similar tousing an unauthorized magnetic stripe card reader to skim informationform magnetic stripe cards. In the case of proximity, contactless orsmart cards, a potential opportunity for accessing card informationarises when card issuers send cards by mail to cardholders, for example,in conventional postal envelopes or mailing packages. The unauthorizedperson or fraudster may use a card reader or similar RF device toactivate the on-chip card and extract card information while the card isin transit. The unauthorized person may literally do so without openingthe envelope—possibly even while the card is still in a mailbox.

FIG. 1 is a schematic plan view of a mailable assembly 100 whichincludes a proximity payment card 102 and which is provided inaccordance with aspects of the present invention. FIG. 2 is a schematicside view of the mailable assembly 100.

The mailable assembly 100 includes a backing sheet 104 to which theproximity payment card 102 is adhered. The mailable assembly 100 alsoincludes a protective label 106 which is adhered to the face (frontsurface 108) of the proximity payment card 102.

The rounded-corner dashed line rectangle indicated at 110 in FIG. 1substantially indicates the locus of a loop antenna which is embedded inthe proximity payment card 102. The antenna 110 is also schematicallyshown in a somewhat different fashion in FIG. 3.

FIG. 3 is a schematic plan view of the proximity payment card 102. Theproximity payment card 102 includes a plastic card body indicated byreference numeral 302 in FIG. 3. The card body 102 is generallyrectangular and planar and has dimensions in accordance with the wellknown ID-1 standard for identification cards. Consequently, the lengthof the card body 302 and of the card 102 is substantially 85.6 mm andthe width or height of the card body 302 and of the card 102 issubstantially 53.98 mm. With these dimensions, issuance of the card maybe processed using conventional identification card processingequipment. It will be observed that the card body 302 has two relativelylong edges 304 and 306 and two relatively short edges 308 and 310. Thelong edges 304 and 306 are parallel to each other and the short edges308 and 310 are parallel to each other.

The proximity payment card 102 also includes an RFID chip 312. Theantenna 110 is coupled to the RFID chip 312 in a conventional manner toallow for the RFID chip 312 to receive power signals from, and toexchange RF communications with, proximity reader components (not shown)of POS terminals (not shown). The RFID chip 312 is embedded in the cardbody 302. An account number that corresponds to the account to beaccessed with the proximity payment card 102 is stored in the RFID chip312 in such a manner that the account number is transmitted from theproximity payment card 102 to a proximity reader component of a POSterminal during a conventional interaction between the proximity paymentcard 102 and the proximity reader.

In accordance with conventional practices, the antenna 110 may be formedof one or more loops of a conductive material, located substantially asindicated in FIGS. 1 and 3.

For reasons that will be made clear below, it is preferable that theantenna 110 have a certain geometry, certain dimensions, and be locatedin a certain manner within the card body 302. The preferred antennageometry, dimensions and location as described below are premised on thecard body having the above-mentioned ID-1 standard dimensions.

It is preferred then that the antenna 110 be substantially rectangularwith a length of substantially 70 mm and a width of 22 mm. It ispreferred that the antenna 110 be located 3.5 mm from the top edge 304of the card body 302 and located 7.8 mm from the side edges 308 and 310of the card body 302. With this geometry, set of dimensions and locationwithin the card body 302, the antenna 110 may achieve a preferredaccommodation between two competing objectives. The first objective isthe conventional objective of having the antenna as large in extent asis practically possible. The second objective, which is not believed tohave been recognized in the prior art, is to accommodate the antenna tobeing shielded by a label to be applied to the proximity payment card102 before the proximity payment card 102 is mailed to the prospectivecard holder. In particular, the second objective calls for the label tobe provided in accordance with a standard size for such labels, and forthe label to be applied to the proximity payment card on a customarylocation on the proximity payment card. By achieving the secondobjective, the present invention may allow conventional processingequipment and card processing procedures to be employed while providingenhanced security for proximity payment cards while the same are intransit from the card issuer to the prospective card holder. In otherwords, the proposed preferred antenna geometry, dimensions and locationmay essentially eliminate any disruption to card issuance procedure froma proposed new security feature, since card issuers would not berequired to purchase new card processing equipment, nor to modifycurrently owned card processing equipment, nor to modify card processingprocedures. The only changes required of card issuers, if the preferredproximity card embodiment is employed, are that they obtain a supply ofcard blanks with the antenna geometry, dimensions and location asdescribed above in connection with FIG. 3 and that they use a labelstock with an antenna shielding capability as described below. Thus theadditional card security feature proposed herein may be implemented bycard issuers with little additional cost.

There will now be provided a further explanation for the preferredantenna geometry, dimensions and location. It is customary in issuing apayment card to apply a label to the payment card. The label may, forexample, instruct the card holder to call a certain toll-free telephonenumber for the purpose of confirming receipt of, and activating, thepayment card. The label often complies with a standard size, which isrectangular, 76.2 mm by 25.4 mm. The location at which the label iscustomarily applied to the payment card (an ID-1 card) is typically 2.54mm from the top card edge, with a tolerance of plus or minus 0.51 mm,and 2.54 mm from either the left card edge or the right card edge, againwith a tolerance of plus or minus 0.51 mm. Given this standard size ofthe label, and its standard location (with the above noted tolerances)on the payment card, the above-recited preferred geometry, dimensionsand location of the antenna as described above in connection with FIG. 3result in the largest possible extent of the antenna consistent withhaving the antenna substantially completely covered by the label.(Smaller antennas may alternatively be employed, but are not preferred.)

Although not shown in the drawings, the proximity payment card may haveadditional features, such as a magnetic stripe that allows it to be readby POS terminal mag stripe readers. Another possible additional featuremay be a paper tape on the back of the card on which the card holder maywrite his/her signature. Also there may be printed and/or embossedinformation on the card (such as payment card account number, cardholder's name, etc.) and branding information such as the name and/orlogo of the issuing bank and of the payment card association (e.g.,MasterCard) of which the issuing bank is a member.

FIG. 4 is a schematic sectional view of the protective label 106. Asshown, the label includes three layers, although there may be more orfewer than three. The lower layer 402 may be an adhesive by which thelabel may be adhered to the proximity payment card 102. The layer 402may be of conventional composition. The middle layer 404 may be aconductive material such as a metal foil, suitable for shielding theantenna 110 from receiving RF radiation. The upper layer 406 may, forexample, be paper or another material suitable for printing instructionsto the card holder about how to activate the card.

Given the shielding layer 404 of the label 106, it will be appreciatedfrom FIG. 1, and the position of label 106 relative to antenna 110, thatthe label 106 may substantially shield the antenna 106 from receiving RFradiation, and thus may protect the proximity payment card 102 fromunauthorized reading while it is in transit from the card issuer to thecard holder. The label may be said to “entirely overlap” the antenna inthe sense that the label covers essentially the entire planar extent ofthe antenna (although potentially not covering the leads from theantenna to the RFID chip).

If the threat of unauthorized reading is believed to be particularlysevere, then it may be desirable for the mailable assembly to provideshielding on both sides of the proximity payment card antenna. Amailable assembly 100 a for that purpose is shown in schematiccross-section in FIG. 5. In the mailable assembly 100 a of FIG. 5, theproximity payment card 102 and the label 106 may be the same as shown inFIGS. 1-4, but the backing sheet (reference numeral 104 a in FIG. 5) maybe modified so as to include a conductive layer 502, at least at thelocus of the label 106 and the antenna 110 (not shown in FIG. 5). Theconductive layer 502 may be suitable for shielding the antenna 110 fromreceiving RF radiation, and may be a metal foil, for example.

FIG. 6 is a flow chart that illustrates a process that may be performedfor purposes of fulfilling an order for a proximity payment card. Exceptfor certain features, as described hereinabove, of the proximity paymentcard and the label to be affixed to the card, the process of FIG. 6 maybe performed in a completely conventional manner.

At 602 in FIG. 6, a proximity payment card blank is provided. Preferablythe card blank has an antenna configured as described above. At 604, aprocedure known as “personalization” is applied to the card blank. Forthe sake of concision, “personalization” should be understood to includepre-personalization. During pre-personalization, information is appliedto the card that is common to all cards in the batch of cards beingprocessed. The information may be applied by being printed and/orembossed on the card and/or loaded by RF communication into the card'sRFID chip and/or magnetically stored on the card's mag stripe (ifpresent). During personalization proper, information specific to theparticular card, such as payment card account number and holder's name,is applied to the card. Again the information may be applied to the cardby one or more of printing, embossing, RF communication and/or magneticstorage on the card mag stripe. The personalization step may, inaccordance with conventional practices, be performed by standardautomated equipment.

At 606, the protective label 106 may be adhered to the front surface ofthe card. This also may be done by standard equipment operating in aconventional manner. As has been stated above, it is preferable that thelabel be of a standard size customarily applied to payment cards, andthat the label be applied to a customary standard location on the card.The label may be positioned so as to substantially shield the cardantenna from RF radiation and thus protect the card from unauthorizedreading.

At 608, the rear surface of the card—with the protective label in placeon the front surface of the card—is adhered to the backing sheet. Againthis may be done in a conventional manner. At 610 the backing sheet,with the card and the protective label, is inserted by conventionalequipment into an envelope. At 612, the envelope (including backingsheet, card, label) is mailed to the intended recipient (i.e., to theprospective card holder).

There has been described hereinabove a preferred embodiment in which theproximity payment card antenna is sized and positioned so as toaccommodate standard card fulfillment processing, including applicationof a label that is standard in size (though the label departs from theconventional by having a shielding layer incorporated therein). However,alternative embodiments are possible, and may be preferred in the eventthat it is desired not to reduce the size of the antenna, or not toreduce the size of the antenna as much, relative to the conventionalantenna configuration. For example, if the antenna is in theconventional configuration that is substantially co-extensive with thecard body, then a protective label may be used that also issubstantially co-extensive with the card body. That is, the label inthis embodiment may be quite a bit larger than the label conventionallyapplied to provide activation instructions, and may substantially coverthe entire face of the card. In other embodiments, the antenna may besomewhat larger than as described in conjunction with FIG. 3, but lessextensive than the conventional antenna size. In this case, the labelmay be larger than the standard size label described above, but need notcover the entire card surface.

It would also be possible to change the shape of the antenna (e.g., thelength to width ratio) relative to antennas previously described herein,and to adapt the shape of the protective label accordingly. For example,the long dimension of the antenna may be quite a bit smaller than theantennas described above.

According to an embodiment of the present invention as depicted in FIG.7, and in accordance with aspects of the present invention, contactlesssmart cards for payment applications are sent to cardholders enclosed inmailers with RF-shielding, which prevents external radio frequency wavesfrom penetrating the mailer and activating or communicating with theenclosed cards. An exemplary mailer 700 may include a conventional paperenvelope 710 and/or paper or cardboard insert 720 to which theproximity, contactless or smart card 740 is tacked onto or attached.RF-shielding material 730 is disposed on paper envelope 710, forexample, on interior surfaces proximate to the enclosed card.Alternatively or additionally, RF-shielding material 730 may be disposedon insert 720. RF shielding material 730 may be any suitable materialthat interferes with the transmission of RF frequency waves. Thesuitable RF shielding materials may, for example, include conductiveinks, metallic films or paper, wire screens, and wire mesh pouches. Insome cases, RF-shielding material 730 may simply be a metallic adhesive(e.g., a conductive rubber cement) that can be used to tack the enclosedsmart card in position. It will be understood that according to thepresent invention, RF-shielding material 730 is selected and itsgeometrical disposition is designed based on known electromagneticeffects (e.g., skin depth) so that it (RF-shielding material 730)effectively interferes with RF signals to or from the on-card chip 750.Thus, the inventive mailer prevents unauthorized detection or reading ofthe enclosed card.

The principles taught herein have heretofore been described in thecontext of proximity payment cards. Nevertheless, these teachings arealso applicable to cards or the like issued by transportation systems(e.g., mass transit systems) for access to the transportation systems;to cards used to identify the holder for purposes apart from or inaddition to transaction payments; and to so-called electronic passports(also known as RFID-enabled passports). As used herein and in theappended claims the term “identification card” refers to a card-shapedobject that serves as one or more of a proximity payment card, atransportation card, an identification card and/or an RFID-enabledpassport. The term “transportation card” refers to a card or similardevice used to pay, or confirm or evidence payment of, a charge forusing a transportation system. The term “RFID-enabled passport” refersto an internationally recognized travel document that includes an IC andan antenna and communicates with a terminal by a wireless communicationtechnique.

The present invention may also be applied to identification cards thatare of a different size than the ID-1 standard size.

The above description and/or the accompanying drawings are not meant toimply a fixed order or sequence of steps for any process referred toherein; rather any process may be performed in any order that ispracticable, including but not limited to simultaneous performance ofsteps indicated as sequential.

As used herein and in the appended claims, the term “embedded”encompasses being completely or only partially embedded.

As used herein and in the appended claims, the term “generallyrectangular” includes a rectangle having rounded corners.

Although the present invention has been described in connection withspecific exemplary embodiments, it should be understood that variouschanges, substitutions, and alterations apparent to those skilled in theart can be made to the disclosed embodiments without departing from thespirit and scope of the invention as set forth in the appended claims.

1. An article of manufacture, comprising: a mailing envelope; a letterinside the mailing envelope; a contactless payment card attached to theletter; and a conductive ink or metallic area on at least one of theletter and the envelope, said conductive ink or metallic area forpreventing unauthorized reading of the contactless payment card.
 2. Thearticle of manufacture of claim 1, wherein the conductive ink ormetallic area is on the letter.
 3. The article of manufacture of claim1, wherein the conductive ink or metallic area is on the envelope. 4.The article of manufacture of claim 1, wherein the contactless paymentcard is a credit card.
 5. The article of manufacture of claim 1, whereinthe conductive ink or metallic area interferes with an RF signaldirected to the contactless payment card.
 6. An article of manufacture,comprising: a mailing envelope; a letter inside the mailing envelope; acontactless payment card attached to the letter; and a conductive ink onat least one of the letter and the envelope, said conductive ink forpreventing unauthorized reading of the contactless payment card.
 7. Thearticle of manufacture of claim 6, wherein the conductive ink is on theletter.
 8. The article of manufacture of claim 6, wherein the conductiveink is on the envelope.
 9. The article of manufacture of claim 6,wherein the contactless payment card is a credit card.
 10. The articleof manufacture of claim 6, wherein the conductive ink interferes with anRF signal directed to the contactless payment card.
 11. An article ofmanufacture, comprising: a mailing envelope; a letter inside the mailingenvelope; a contactless payment card attached to the letter; and ametallic area on at least one of the letter and the envelope, saidmetallic area for preventing unauthorized reading of the contactlesspayment card.
 12. The article of manufacture of claim 11, wherein themetallic area is on the letter.
 13. The article of manufacture of claim11, wherein the metallic area is on the envelope.
 14. The article ofmanufacture of claim 11, wherein the contactless payment card is acredit card.
 15. The article of manufacture of claim 11, wherein themetallic area interferes with an RF signal directed to the contactlesspayment card.